Abstract: A computerized method for evaluating an organization's risk to be exposed to cyber security events, the method including receiving a request to evaluating a specific organization's risk to be exposed to cyber security event, the request including information about the specific organization, collecting security-based risk indicators about the specific organization, inputting the security-based risk indicators about the specific organization into a model, said model obtains weights to classifiers that represent an impact of a specific organization to be exposed to a security event, computing a specific risk value for the specific organization according to values of the specific organization and the weights of the classifiers.